package com.cht.commonUtil.AA;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.cht.commonUtil.webInit.SP;
import com.cht.commonUtil.widgets.Widgets;

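/**
 * Credential-check servlet: looks up an employee by {@code empId}, {@code empPwd} and
 * {@code localSystemId} and writes the matching {@code empName} to the response body,
 * or the literal {@code "NoNoNo"} when nothing matches.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>{@link #doGet} forwards to {@link #doPost}, so credentials are also accepted as
 *       query-string parameters, which commonly end up in access logs, proxies and
 *       browser history. Consider accepting POST only once callers are confirmed.</li>
 *   <li>{@code empPwd} is compared inside SQL against the submitted value. If the column
 *       holds plaintext passwords (not visible from this file; confirm against the
 *       schema), migrate to a salted password hash (bcrypt/scrypt/argon2) verified in
 *       code.</li>
 *   <li>On a database error the response body is whatever {@code Widgets.errLog} returns,
 *       not {@code "NoNoNo"}. Any client that treats "anything other than NoNoNo" as a
 *       successful login would fail open; confirm how callers interpret the body.</li>
 * </ul>
 */
public class Authentication extends HttpServlet {
	private static final long serialVersionUID = 1L;

	/** Body sent when credentials are missing, malformed or do not match. */
	private static final String DENIED = "NoNoNo";

	/** Parameterized lookup: every request value is bound, never concatenated. */
	private static final String LOGIN_SQL =
			"SELECT empName FROM emps WHERE empId=? AND empPwd=? AND sysSN=?";

	/**
	 * Handles GET by delegating to {@link #doPost}; the parameters are read the same way.
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doPost(request, response);
	}

	/**
	 * Validates the submitted credentials and writes the result as the response body.
	 *
	 * @param request  carries {@code empId}, {@code empPwd} and {@code localSystemId}
	 * @param response receives the employee name, {@code "NoNoNo"}, or the error string
	 * @throws ServletException declared by the servlet contract
	 * @throws IOException if the response body cannot be written
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

		request.setCharacterEncoding( SP.UIcodeSet );
		response.setCharacterEncoding( SP.UIcodeSet );
		response.setContentType("application/text");

		String empId = request.getParameter("empId");
		String empPwd = request.getParameter("empPwd");
		// System ID of the local system; null when the parameter is absent or not an integer.
		Integer localSystemId = parseSystemId( request.getParameter("localSystemId") );

		String res = DENIED;
		// Deny before touching the database when any credential is missing: a null
		// parameter would otherwise be bound as SQL NULL, and a bad localSystemId used
		// to escape as an uncaught NumberFormatException.
		if ( empId != null && empPwd != null && localSystemId != null ) {
			res = lookupEmpName(empId, empPwd, localSystemId.intValue());
		}

		response.getWriter().write(res);
	}

	/**
	 * Runs the credential lookup.
	 *
	 * @return the stored {@code empName} on a match, {@code "NoNoNo"} on no match, or the
	 *         value of {@code Widgets.errLog} when the query fails
	 */
	private String lookupEmpName(String empId, String empPwd, int localSystemId) {
		String res = DENIED;
		Connection conn = null;
		PreparedStatement ps = null;
		ResultSet rs = null;
		try {
			conn = Widgets.getConn();
			ps = conn.prepareStatement(LOGIN_SQL);
			ps.setString(1, empId);
			ps.setString(2, empPwd);
			ps.setInt(3, localSystemId);
			rs = ps.executeQuery();

			if ( rs.next() ) {
				res = rs.getString("empName");
			}
		} catch (Exception e) {
			// NOTE(review): this string is sent to the client. Confirm that errLog's
			// return value carries no exception, SQL or schema detail, and that callers
			// never read it as a successful login.
			res = Widgets.errLog(e);
		} finally {
			// Close each resource on its own so a failing close() cannot leak the others.
			closeQuietly(rs);
			closeQuietly(ps);
			closeQuietly(conn);
		}
		return res;
	}

	/**
	 * Parses the {@code localSystemId} parameter.
	 *
	 * @return the parsed value, or {@code null} when the input is absent or not an integer
	 */
	private static Integer parseSystemId(String raw) {
		if ( raw == null ) {
			return null;
		}
		try {
			return Integer.valueOf(raw);
		} catch (NumberFormatException ignored) {
			// Malformed input is treated as a failed login, not as a server error.
			return null;
		}
	}

	/**
	 * Closes a JDBC resource, reporting (but not propagating) a failure to close.
	 */
	private static void closeQuietly(AutoCloseable resource) {
		if ( resource == null ) {
			return;
		}
		try {
			resource.close();
		} catch (Exception e) {
			// Best effort, as before: the trace stays on the server's stderr.
			e.printStackTrace();
		}
	}

}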
